The Life Brokerage Technology Committee (formerly NAILBA Technology) is a gathering of industry technology leaders with great experience to discuss and report on standards and trends. The group is represented by brokerage general agencies, carriers, medical information providers and solution vendors. Workflows were documented, data sets were negotiated, and appetite to change was measured. In short, the day’s discussions produced new solutions and road maps that materialized some years later. The committee’s work over the last two decades did bear fruit and greatly impacted cycle time, accuracy (IGO), underwriting, and digitalization to big data, while the cost savings were taken over by rising compliance cost.
Then COVID-19 hit us out of left field. A new virus to all of us, requiring us “overnight” to work from home, wear a mask and quarantine. Thankfully the current maturity of our available technology made it possible. The pandemic forced change also in the life insurance process as well. In 2016, 45 percent of BGA new business submissions were E-Apps (full) which by October 2020 jumped to 75 percent. In 2016 the number one E-App obstacle to adoption was “Agent Training.” It took a pandemic to create change and even other lines of businesses (i.e., annuity, long term care, final expense, group, disability) grew from nowhere to 20 percent.
LBTC conducted a 2020 survey that was different from the previous eight years of surveys. The new qualitative paradigm focused on areas of the workflow process to automate and standardize whereas the previous surveys focused quantitatively on tools and vendors. The PaperClip survey adhered to the old survey scheme because many people would use its results to help justify partnering on projects and decide who to spend resources on. Experience shows you want to engage with market leaders whereby the desired change being introduced would reach the largest audience possible. In review of the LBTC 2020 survey the takeaways were exchange standards, automated underwriting, commission standards and E-Policy delivery.
The leader by request remains “Data Exchange Standards” with the specific mention of Application Program Interface (API), and second was Automated Underwriting (AU). These two items are joined at the hip and to get an effective AU you will need the appropriate data. ACORD messaging as the standard for many years became problematic because of the different needs it had to address for data exchange, hence why virtually everyone had their flavors of ACORD standards. This is now changing to a less structured format, to a simpler JSON (paired values) model, while relying on a common data dictionary. The next question becomes who should create the data dictionary, LBTC or the vendor community? The LBTC is the best venue to construct the data dictionary terms and to manage the terms. The Data Dictionary, though, should support custom terms as needed.
Next is actual integration from the source data container (E-App, AMS, Paper App) to the receiving partner’s data container, SaaS to SaaS. So, let us start with the design question of “Point to Point” or a “Centralized Hub Model.” Well, the Centralized Hub Model is the most efficient choice based on our 22 years of experience exchanging over 70 million documents just last year among 1,400 Points of Presence (PoP). Today, data integration is dominated by point-to-point vendor SaaS PoP. One would think it should be a one to many, but every customer needs a change because they do things differently—ACORD’s challenge. Whoever brings the solution to market, it should be “Data Dictionary” based and the community (LBTC) should police it like we did with document exchange (can anyone say doctypes…).
The 2020 PaperClip Survey maintained the vendor questions so the reader can see what their peers are doing with their technology resources. We see from our customers a continued trend to move from on-premises to vendor SaaS solutions. The driving forces are work from home, compliance, and technology staffing cost. The buyer’s top requirements are compliance and integrations with other vendors. Larger offices (> 100 users) want Cloud (Azure, AWS, IBM, etc.) deployments because cyber security depth will only be accomplished in the Cloud.
The following results reflect vendors that singularly or collectively obtained more than 65 percent market share. The complete report can be downloaded from PaperClip’s website. The survey request was sent to over 5,000 people—249 started the survey and 39 participants completed it, dominated by BGA distributor’s (33). The responding BGAs reported they process 150 to 300 life and annuity applications per month. These BGAs process 80 percent of their business between six to 10 carriers. BGAs found very important to them “ease of doing business with,” “product pricing” and “relationship with the underwriter” in keeping their business. An agent is producing about 50 to 150 applications annually and the age of these producers are 40 to 60 years old.
BGAs use social media to attract agents and to keep current producers informed. The primary services are LinkedIn (87 percent), Facebook (56 percent) and Twitter (41 percent). Fifty-six percent advertise on these social services while only 38 percent prospect.
The following solution categories and vendors again represent the market share leaders, but each category is being challenged by new vendors that have a strong mobile offering. As noted above, the age of producers is just now including millennials and that group will gravitate to mobile selling tools. The most requested mobile applications are quotes, illustrations, and pending case status.
Customer relationship management (CRM) is the solution that manages your client relationships and interactions with prospects. There were eight different vendor responses, led by SmartOffice and “None,” and 25 percent of respondents do not use CRM tools. I expect significant change here with mobile adoption.
Agency Management Systems (AMS) market leaders remain iPipeline’s Agency Integrator and Ebix’s SmartOffice. Only 15 percent of BGAs open access to their AMS to producers. BGA’s would open more if “pending case status” was better. Fifty percent of BGAs use carrier web sites instead of accepting the AMS data feeds. The lack of timely and accurate data is the objection and remains on the BGA’s top five LBTC request list. Quote Engine had 14 vendors listed with the market share belonging to iPipeline’s LifePipe and Ebix’s VitalSales Suite.
Document management with eight vendors maintains PaperClip’s Virtual Client Folder as the market leader. Interesting here is that 13 percent of respondents report “None.” I hope this means they paper-out and store paper. If this means images on a local hard drive it would be considered today as gross neglect. BGAs preferred method of submission to carriers and receipt from medical service providers is “secure email” and “imaging vendor;” at zero percent, looks like the FAX machine and FTP servers are finished. Secure email delivery was led by PaperClip’s eM4 and TLS direct connect. Twelve percent reported “None” which opens their email traffic to the world—not a good thing.
Electronic Application (E-App) with six vendors noted is led by iPipeline’s iGO. The next group combined representing 30 percent were Applicint, Ebix’s LifeSpeed and PORCH. Twenty percent selected “None” with only one write in for “home grown.” E-App electronic signature most used was DocuSign followed by Click Wrap (10 percent). Deeper in the survey, Customers (41 percent) would prefer a simple “Click and Close” solution. Drop Ticket options support nine solutions with “Carrier’s Direct Link” and ApplicInt holding the market share. Agents that will take a paper application and then rekey it into an E-App was 25 percent and BGAs that keyed from paper was 36 percent. This tells us that 61 percent of new business is from distribution via E-App and 39 percent is still paper.
Electronic Licensing and Contracting (E Con) only had two vendors with the leading market share held by SureLC followed by “None” (18 percent). Electronic Policy Delivery (E-Policy) is owned by carrier provided solutions. The major reason is risk tolerance—each carrier wants it done their way. BGAs would like to see that change but I think this falls into that untouchable realm of events like Check21 and 1035s—a “carrier-controlled process.” The leading E-Policy E-Sign vendor is DocuSign.
Compliance was something new added to the survey. Since compliance continues to demand more resources, we wanted to see how those surveyed viewed compliance. Many misconceptions surround responsibility for unauthorized use of confidential information. The truth is, “You can outsource your technology but not your responsibility.” Managing third party confidentiality is a double-edged sword—it cuts both ways. Access to secure data starts with the User placing confidential data into the solution, which creates a liability for the vendor.
When asked, “Where do you maintain client confidential data?”, 28 percent reported “In House,” 44 percent “Vendor” and 33 percent “Both.” This means the majority of BGAs continue to maintain shadow files, most likely in digital format. Here is where we start judging neglect versus gross neglect. If you conducted the best practices of oversite required by federal and state authorities’ laws, regulations and rules, loss of data at worst could be found neglectful. If you ignore or only partially approached cyber security and conduct, you most definitely would be considered grossly negligent and most likely fined.
Compliance “Best Practices” start with documenting how you control confidential information. Areas to address typically fall into these categories: Security, Availability, Processing Integrity, Confidentiality, and Privacy. These policy documents serve as the basis of training your staff on how to manage the personal data customers have trusted you with. Once you have policies and procedures you must maintain these documents to reflect change that naturally occurs as a business scales both up and out.
Annually these processes are evaluated and tested by an approved auditing firm called Service Organization Controls Audits (SOC Audits) and, because you manage medical information, HIPAA Audit as well. As part of the SOC Audits you need to provide evidence of third-party penetration testing of your internal/external network assets where confidential data exist. The 2020 Survey reveals that 25 percent conduct SOC Audits, 43 percent HIPAA and eight percent PEN Testing. A positive trend is the adoption of Multi Factor Authentication (MFA /2FA) at 72 percent and Single Sign On (SSO) at 59 percent. BGAs need to become more aggressive with cyber security and compliance.
Since most solutions are outsourced to vendors, the good news is that you can get major SOC and HIPAA carve outs by leveraging the vendors compliance documentation (i.e., SOC2T2, HIPAA, PEN, etc.). This helps to keep your audit simple. Some simple suggestions: Your “Clean Desk” policies should ban the keeping of shadow files and all employees should execute a privacy agreement that identifies your documented policies. Training and infrastructure maintenance should be continuous, so start a business objective to get audited (everyone starts with a SOC2 Type 1) and ask your auditor if they would combine it with HIPAA because the auditing controls are very similar. Great time and cost saver.
To improve cyber security, I would recommend we move to a 10-character minimum password scheme. Today, according to many experts, it takes five hours to crack an eight character all lowercase password, while it takes four months to crack a 10 character all lowercase password. Very strong passwords at eight characters can take a couple of years to crack and the Vendor community follows the strong password requirements. Truth is that hackers are not trying to hack your password when it’s proven to be easier with Phishing, password sharing, and poor system design that leaves passwords stored on-site in text files, databases, browsers and the actual code or email with no encryption.
Overall, the survey was good with positive trends to eliminating paper and touch points to process business. E-App for term and other simplified issue products has strong adoption, agent self-service portals have come online, automatic underwriting is rolling out quickly and “I’ve got a guy” quoting is seeing investment from BGAs, IMOs and carriers. Vendors have new challenges too—integration. The world of cyber security and compliance is making it harder to align with vendor partners that have a mature cyber security regimen. The risk of integration is in competition with Users ease of use. Example: If you’re downstream of a SSO integration, how can you document that SSO complied with MFA? How can you document your TLS connection did connect securely? How did the agent manage the information they electronically captured and sent to you? What are their safeguards?
Distribution is making the change and the industry is prepared.